From 081ad66b89ab6553e311c85161314de1028b87a7 Mon Sep 17 00:00:00 2001 From: saw-jan Date: Wed, 23 Mar 2022 14:54:52 +0545 Subject: [PATCH 01/11] fix image name for deploy pipeline --- .drone.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.star b/.drone.star index 0666770ed..e5e702c35 100644 --- a/.drone.star +++ b/.drone.star @@ -1753,7 +1753,7 @@ def deploy(ctx, config, rebuild): }, { "name": "deploy", - "image": SELENIUM_STANDALONE_CHROME_DEBUG, + "image": OC_CI_DRONE_ANSIBLE, "failure": "ignore", "environment": { "CONTINUOUS_DEPLOY_SERVERS_CONFIG": "../%s" % (config), From 763d294a9b367fd8690b6d0f41e63d60a09593da Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Wed, 23 Mar 2022 15:10:37 +0545 Subject: [PATCH 02/11] Bump core commit id 2022-03-23 --- .drone.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.env b/.drone.env index 2ad7303e0..0a75c5a74 100644 --- a/.drone.env +++ b/.drone.env @@ -1,5 +1,5 @@ # The test runner source for API tests -CORE_COMMITID=5b738dfa70b5493cb305123ad1d1a2c3055863c0 +CORE_COMMITID=8fc353d79e7c0de1e137220c2422efcfe2ac5b89 CORE_BRANCH=master # The test runner source for UI tests From 0e9c1e5a68669cee254ee08a996f7cad91645a18 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 23 Mar 2022 11:54:17 +0100 Subject: [PATCH 03/11] Update settings.yml --- .github/settings.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/settings.yml b/.github/settings.yml index 684f57c36..ae496fcc1 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -65,3 +65,4 @@ branches: - employees ... + From 1090d3c961278020fc43c2fe9d4158231f074500 Mon Sep 17 00:00:00 2001 
From: Ralf Haferkamp Date: Wed, 16 Mar 2022 15:12:16 +0100 Subject: [PATCH 04/11] Add service user for settings service This is a quick workaround to make the settings service work with idm after b7c934b1b1. We need to to provide a better solution for service users like that (they shouldn't need to be present in ldap) --- idm/ldif/base.ldif.tmpl | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/idm/ldif/base.ldif.tmpl b/idm/ldif/base.ldif.tmpl index 5c290ad17..5cdc44a3b 100644 --- a/idm/ldif/base.ldif.tmpl +++ b/idm/ldif/base.ldif.tmpl @@ -22,3 +22,18 @@ uid: {{ .Name }} userPassword:: {{ .Password }} {{ end -}} + +## Service user for the settings service +dn: uid=95cb8724-03b2-11eb-a0a6-c33ef8ef53ad,ou=users,o=libregraph-idm +objectClass: inetOrgPerson +objectClass: organizationalPerson +objectClass: ownCloud +objectClass: person +objectClass: top +uid: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad +givenName: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad +sn: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad +cn: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad +displayName: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad +ownCloudUUID: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad + From 20125eff9d189c2dba0df91593c652ef621a14f1 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Wed, 23 Mar 2022 18:00:41 +0545 Subject: [PATCH 05/11] Bump core commit id to include cofre PR 39914 --- .drone.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.env b/.drone.env index 0a75c5a74..794e13a53 100644 --- a/.drone.env +++ b/.drone.env @@ -1,5 +1,5 @@ # The test runner source for API tests -CORE_COMMITID=8fc353d79e7c0de1e137220c2422efcfe2ac5b89 +CORE_COMMITID=87d2f9a69a11838b9b591a09da4d13f860dd4a31 CORE_BRANCH=master # The test runner source for UI tests From 0f6308448aabe4d9c33c30b8ac420ee57f454904 Mon Sep 17 00:00:00 2001 
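Review bot: The entry added at the end of the idm/ldif/base.ldif.tmpl hunk sits under `ou=users` with `objectClass: inetOrgPerson` and `objectClass: ownCloud`, so it presumably matches the same login and user-search filters as real accounts, and the `## Service user for the settings service` comment says nothing about that. It has no `userPassword`, which suggests it is never meant to authenticate; the comment should say so, and it is worth confirming that the server refuses a password-less simple bind as this DN. I would extend the comment to something like `## Service user for the settings service: intentionally has no userPassword and must not be able to log in; the UUID is the id the settings service looks up`, with the last part confirmed against the service's configuration. Whether the entry also shows up in user listings or share-recipient search is not visible here and should be checked.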
From: Pascal Wengerter Date: Wed, 23 Mar 2022 14:31:17 +0100 Subject: [PATCH 06/11] Bump web to v5.3.0 --- .drone.env | 2 +- changelog/unreleased/update-web-5.3.0-rc.1.md | 9 --------- changelog/unreleased/update-web-5.3.0.md | 10 ++++++++++ settings/ui/tests/acceptance/helpers/language.js | 8 ++++++-- .../expected-failures-webUI-on-OCIS-storage.md | 4 ++-- web/Makefile | 2 +- 6 files changed, 20 insertions(+), 15 deletions(-) delete mode 100644 changelog/unreleased/update-web-5.3.0-rc.1.md create mode 100644 changelog/unreleased/update-web-5.3.0.md diff --git a/.drone.env b/.drone.env index 0a75c5a74..179fbfb2c 100644 --- a/.drone.env +++ b/.drone.env @@ -3,5 +3,5 @@ CORE_COMMITID=8fc353d79e7c0de1e137220c2422efcfe2ac5b89 CORE_BRANCH=master # The test runner source for UI tests -WEB_COMMITID=bb612cfc1c63316a159c7e29b81438595cef8fdb +WEB_COMMITID=77faf9890974083c0c555fd83586c2448845b11d WEB_BRANCH=master diff --git a/changelog/unreleased/update-web-5.3.0-rc.1.md b/changelog/unreleased/update-web-5.3.0-rc.1.md deleted file mode 100644 index b14172843..000000000 --- a/changelog/unreleased/update-web-5.3.0-rc.1.md +++ /dev/null @@ -1,9 +0,0 @@ -Enhancement: Update ownCloud Web to v5.3.0-rc.1 - -Tags: web - -We updated ownCloud Web to v5.3.0-rc.1. Please refer to the changelog (linked) for details on the web release. - -https://github.com/owncloud/web/pull/6561 -https://github.com/owncloud/ocis/pull/3291 -https://github.com/owncloud/web/releases/tag/v5.3.0-rc.1 diff --git a/changelog/unreleased/update-web-5.3.0.md b/changelog/unreleased/update-web-5.3.0.md new file mode 100644 index 000000000..dbe7c9a24 --- /dev/null +++ b/changelog/unreleased/update-web-5.3.0.md 
@@ -0,0 +1,10 @@ +Enhancement: Update ownCloud Web to v5.3.0 + +Tags: web + +We updated ownCloud Web to v5.3.0. Please refer to the changelog (linked) for details on the web release. + +https://github.com/owncloud/web/pull/6561 +https://github.com/owncloud/ocis/pull/3291 +https://github.com/owncloud/ocis/pull/3375 +https://github.com/owncloud/web/releases/tag/v5.3.0 diff --git a/settings/ui/tests/acceptance/helpers/language.js b/settings/ui/tests/acceptance/helpers/language.js index 8bc2bb277..606c94299 100644 --- a/settings/ui/tests/acceptance/helpers/language.js +++ b/settings/ui/tests/acceptance/helpers/language.js @@ -6,8 +6,8 @@ const filesMenu = { 'Deleted files' ], Deutsch: [ - 'Persöhnlich', - 'Shares', + 'Persönlich', + 'Geteilt', 'Spaces\nbeta', 'Gelöschte Dateien' ], @@ -55,24 +55,28 @@ const accountMenu = { const filesListHeaderMenu = { English: [ 'Name', + 'Shares', 'Size', 'Modified', 'Actions' ], Deutsch: [ 'Name', + 'Geteilt', 'Größe', 'Bearbeitet', 'Aktionen' ], Español: [ 'Nombre', + 'Shares', 'Tamaño', 'Modificado', 'Acciones' ], Français: [ 'Nom', + 'Shares', 'Taille', 'Modifié', 'Actions' diff --git a/tests/acceptance/expected-failures-webUI-on-OCIS-storage.md b/tests/acceptance/expected-failures-webUI-on-OCIS-storage.md index 18935ea82..b0abde884 100644 --- a/tests/acceptance/expected-failures-webUI-on-OCIS-storage.md +++ b/tests/acceptance/expected-failures-webUI-on-OCIS-storage.md 
@@ -308,7 +308,7 @@ Other free text and markdown formatting can be used elsewhere in the document if - [webUISharingPublicDifferentRoles/shareByPublicLinkDifferentRoles.feature:60](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUISharingPublicDifferentRoles/shareByPublicLinkDifferentRoles.feature#L60) ### [Listing shares via ocs API does not show path for parent folders](https://github.com/owncloud/ocis/issues/1231) -- [webUISharingPublicManagement/shareByPublicLink.feature:134](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUISharingPublicManagement/shareByPublicLink.feature#L134) +- [webUISharingPublicManagement/shareByPublicLink.feature:133](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUISharingPublicManagement/shareByPublicLink.feature#L133) ### [Propfind response to trashbin endpoint is different in ocis](https://github.com/owncloud/product/issues/186) ### [restoring a file from "Deleted files" (trashbin) is not possible if the original folder does not exist any-more](https://github.com/owncloud/web/issues/1753) 
@@ -469,7 +469,7 @@ Other free text and markdown formatting can be used elsewhere in the document if - [webUIUpload/upload.feature:129](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUIUpload/upload.feature#L129) - [webUIUpload/upload.feature:142](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUIUpload/upload.feature#L142) - [webUIUpload/upload.feature:159](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUIUpload/upload.feature#L159) -- [webUIUpload/uploadEdgecases.feature:67](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUIUpload/uploadEdgecases.feature#L67) +- [webUIUpload/uploadEdgecases.feature:69](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUIUpload/uploadEdgecases.feature#L69) ### [browsing directly to a details 'tab' is not possible](https://github.com/owncloud/web/issues/5464) - [webUIFiles/browseDirectlyToDetailsTab.feature:21](https://github.com/owncloud/web/blob/master/tests/acceptance/features/webUIFiles/browseDirectlyToDetailsTab.feature#L21) diff --git a/web/Makefile b/web/Makefile index d195a3588..967492140 100644 --- a/web/Makefile +++ b/web/Makefile @@ -1,6 +1,6 @@ SHELL := bash NAME := web -WEB_ASSETS_VERSION = v5.3.0-rc.1 +WEB_ASSETS_VERSION = v5.3.0 include ../.make/recursion.mk From 1f185c1fe692669dbeffdbc0cbddaf8dd5a31ae3 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Wed, 23 Mar 2022 12:40:55 +0100 Subject: [PATCH 07/11] [docs-only] Add a few words about idm and how to enable it --- docs/extensions/idm/setup.md | 57 ++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 docs/extensions/idm/setup.md diff --git a/docs/extensions/idm/setup.md b/docs/extensions/idm/setup.md new file mode 100644 index 000000000..085df6953 --- /dev/null +++ b/docs/extensions/idm/setup.md 
@@ -0,0 +1,57 @@ +--- +title: Service Setup +date: 2022-03-22T00:00:00+00:00 +weight: 20 +geekdocRepo: https://github.com/owncloud/ocis +geekdocEditPath: edit/master/docs/extensions/idm +geekdocFilePath: setup.md +geekdocCollapseSection: true +--- + +{{< toc >}} + +## Using ocis with libregraph/idm + +Currently, oCIS still runs the accounts and glauth services to manage users. Until the default is switched +to libregraph/idm, oCIS has to be started with a custom configuration in order to use libregraph/idm as +the users and groups backend (this setup also disables the glauth and accounts service): + + +``` +export GRAPH_IDENTITY_BACKEND=ldap +export GRAPH_LDAP_URI=ldaps://localhost:9235 +export GRAPH_LDAP_BIND_DN="uid=libregraph,ou=sysusers,o=libregraph-idm" +export GRAPH_LDAP_BIND_PASSWORD=idm +export GRAPH_LDAP_USER_EMAIL_ATTRIBUTE=mail +export GRAPH_LDAP_USER_NAME_ATTRIBUTE=uid +export GRAPH_LDAP_USER_BASE_DN="ou=users,o=libregraph-idm" +export GRAPH_LDAP_GROUP_BASE_DN="ou=groups,o=libregraph-idm" +export GRAPH_LDAP_SERVER_WRITE_ENABLED="true" +export IDP_INSECURE="true" +export IDP_LDAP_FILTER="(&(objectclass=inetOrgPerson)(objectClass=owncloud))" +export IDP_LDAP_URI=ldaps://localhost:9235 +export IDP_LDAP_BIND_DN="uid=idp,ou=sysusers,o=libregraph-idm" +export IDP_LDAP_BIND_PASSWORD="idp" +export IDP_LDAP_BASE_DN="ou=users,o=libregraph-idm" +export IDP_LDAP_LOGIN_ATTRIBUTE=uid +export IDP_LDAP_UUID_ATTRIBUTE="ownclouduuid" +export IDP_LDAP_UUID_ATTRIBUTE_TYPE=binary +export PROXY_ACCOUNT_BACKEND_TYPE=cs3 +export OCS_ACCOUNT_BACKEND_TYPE=cs3 +export STORAGE_LDAP_HOSTNAME=localhost +export STORAGE_LDAP_PORT=9235 +export STORAGE_LDAP_INSECURE="true" +export STORAGE_LDAP_BASE_DN="o=libregraph-idm" +export STORAGE_LDAP_BIND_DN="uid=reva,ou=sysusers,o=libregraph-idm" +export STORAGE_LDAP_BIND_PASSWORD=reva +export STORAGE_LDAP_LOGINFILTER='(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))' +export 
STORAGE_LDAP_USERFILTER='(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))' +export STORAGE_LDAP_USERATTRIBUTEFILTER='(&(objectclass=owncloud)({{attr}}={{value}}))' +export STORAGE_LDAP_USERFINDFILTER='(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))' +export STORAGE_LDAP_USERGROUPFILER='(&(objectclass=groupOfNames)(member={{query}}*))' +export STORAGE_LDAP_GROUPFILTER='(&(objectclass=groupOfNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))' +export OCIS_RUN_EXTENSIONS=settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,idp,nats,idm +export OCIS_INSECURE=true +bin/ocis server +``` + From 1c2d8d97ad3e314489522f7dbf08c9f3ab3e14a0 Mon Sep 17 00:00:00 2001 From: Pascal Wengerter Date: Wed, 23 Mar 2022 15:47:06 +0000 Subject: [PATCH 08/11] Automated changelog update [skip ci] --- CHANGELOG.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 186be7897..9c729b766 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,7 +17,7 @@ The following sections list the changes for unreleased. * Enhancement - Include etags in drives listing: [#3267](https://github.com/owncloud/ocis/pull/3267) * Enhancement - Improve thumbnails API: [#3272](https://github.com/owncloud/ocis/pull/3272) * Enhancement - Update reva to vXXXX: [#3330](https://github.com/owncloud/ocis/pull/3330) -* Enhancement - Update ownCloud Web to v5.3.0-rc.1: [#6561](https://github.com/owncloud/web/pull/6561) +* Enhancement - Update ownCloud Web to v5.3.0: [#6561](https://github.com/owncloud/web/pull/6561) ## Details 
@@ -96,16 +96,17 @@ The following sections list the changes for unreleased. https://github.com/owncloud/ocis/pull/3330 -* Enhancement - Update ownCloud Web to v5.3.0-rc.1: [#6561](https://github.com/owncloud/web/pull/6561) +* Enhancement - Update ownCloud Web to v5.3.0: [#6561](https://github.com/owncloud/web/pull/6561) Tags: web - We updated ownCloud Web to v5.3.0-rc.1. Please refer to the changelog (linked) for details on - the web release. + We updated ownCloud Web to v5.3.0. Please refer to the changelog (linked) for details on the web + release. https://github.com/owncloud/web/pull/6561 https://github.com/owncloud/ocis/pull/3291 - https://github.com/owncloud/web/releases/tag/v5.3.0-rc.1 + https://github.com/owncloud/ocis/pull/3375 + https://github.com/owncloud/web/releases/tag/v5.3.0 # Changelog for [1.18.0] (2022-03-03) The following sections list the changes for 1.18.0. From 02a9247e808c62b774225a29a176fe2fda96c15f Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Thu, 24 Mar 2022 10:36:10 +0545 Subject: [PATCH 09/11] Some grammar that the IDE noticed while I had these docs open --- docs/clients/rclone/webdav-sync-basic-auth.md | 4 ++-- docs/ocis/development/testing.md | 6 +++--- docs/ocis/getting-started/_index.md | 4 ++-- docs/ocis/migration.md | 16 ++++++++-------- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/clients/rclone/webdav-sync-basic-auth.md b/docs/clients/rclone/webdav-sync-basic-auth.md index e30e93f9b..e922a156f 100644 --- a/docs/clients/rclone/webdav-sync-basic-auth.md +++ b/docs/clients/rclone/webdav-sync-basic-auth.md 
@@ -12,7 +12,7 @@ geekdocCollapseSection: true ## WebDAV with Basic Authentication {{< hint danger >}} -Basic Authentication is disabled by default in oCIS because of security considerations. In order to make the following Rclone commands work the oCIS administrator needs to enable Basic Authentication eg. by setting the the environment variable `PROXY_ENABLE_BASIC_AUTH` to `true`. +Basic Authentication is disabled by default in oCIS because of security considerations. In order to make the following Rclone commands work the oCIS administrator needs to enable Basic Authentication e.g. by setting the environment variable `PROXY_ENABLE_BASIC_AUTH` to `true`. Please consider to use [Rclone with OpenID Connect]({{< ref "webdav-sync-oidc.md" >}}) instead. {{< /hint >}} @@ -43,4 +43,4 @@ We now can use Rclone to sync the local folder `/tmp/test` to `/test` in your oC rclone sync :local:/tmp :webdav:/test ``` -If your oCIS doesn't use valid SSL certificates, you may need to use `rclone --no-check-certificate sync ...`. +If your oCIS doesn't use valid SSL certificates, you may need to use `rclone --no-check-certificate sync ...`. diff --git a/docs/ocis/development/testing.md b/docs/ocis/development/testing.md index f86bfc568..5d6a5d349 100644 --- a/docs/ocis/development/testing.md +++ b/docs/ocis/development/testing.md 
@@ -28,7 +28,7 @@ Basically we have two sources for feature tests and test suites: At the moment both can be applied to oCIS since the api of oCIS is designed to be compatible to ownCloud. -Since we have to offer an migration path to existing users of ownCloud, you can use your existing ownCloud as storage backend for oCIS. As another storage backend we offer oCIS native storage, also called "oCIS". This stores files directly on disk. Which storage backend is used is also reflected in the tests, there are always different tests for oCIS storage and ownCloud storage. +Since we have to offer a migration path to existing users of ownCloud, you can use your existing ownCloud as storage backend for oCIS. As another storage backend we offer oCIS native storage, also called "oCIS". This stores files directly on disk. Which storage backend is used is also reflected in the tests, there are always different tests for oCIS storage and ownCloud storage. You can invoke two types of test suite runs: 
@@ -55,7 +55,7 @@ This must be pointing to a valid feature definition. ### oCIS image to be tested (or: skip build and take existing image) -By default the tests will be run against docker image built from your current working state of the oCIS repository. For some purposes it might also be handy to use a oCIS image from Docker Hub. Therefore you can provide the optional flag `OCIS_IMAGE_TAG=...` which must contain an available docker tag of the [owncloud/ocis registry on Docker Hub](https://hub.docker.com/r/owncloud/ocis) (eg. 'latest'). +By default, the tests will be run against the docker image built from your current working state of the oCIS repository. For some purposes it might also be handy to use a oCIS image from Docker Hub. Therefore you can provide the optional flag `OCIS_IMAGE_TAG=...` which must contain an available docker tag of the [owncloud/ocis registry on Docker Hub](https://hub.docker.com/r/owncloud/ocis) (eg. 'latest'). ``` make -C tests/acceptance/docker localApiTests-apiAccountsHashDifficulty-ocis OCIS_IMAGE_TAG=latest @@ -75,7 +75,7 @@ The log output is opened in `less`. You can navigate up and down with your curso ### Cleanup -During testing we start an redis and oCIS docker container. These will not be stopped automatically. You can stop them with: +During testing we start a redis and oCIS docker container. These will not be stopped automatically. You can stop them with: ``` make -C tests/acceptance/docker clean diff --git a/docs/ocis/getting-started/_index.md b/docs/ocis/getting-started/_index.md index 72478eff2..9ee621d59 100644 --- a/docs/ocis/getting-started/_index.md +++ b/docs/ocis/getting-started/_index.md 
@@ -22,7 +22,7 @@ We are distributing oCIS as binaries and Docker images. {{< hint warning >}} The examples in this document assume that oCIS is accessed from the same host as it is running on (`localhost`). If you would like to access oCIS remotely please refer to the [Basic Remote Setup]({{< ref "../deployment/basic-remote-setup" >}}) section. Especially -to the notes about setting the `PROXY_HTTP_ADDR` and `OCIS_URL` enviroment variables. +to the notes about setting the `PROXY_HTTP_ADDR` and `OCIS_URL` environment variables. {{< /hint >}} You can find more deployment examples in the [deployment section]({{< ref "../deployment" >}}). @@ -113,7 +113,7 @@ The version command prints the version of your installed oCIS. ocis --version {{< / highlight >}} -The health command is used to execute a health check, if the exit code equals zero the service should be up and running, if the exist code is greater than zero the service is not in a healthy state. Generally this command is used within our Docker containers, it could also be used within Kubernetes. +The health command is used to execute a health check, if the exit code equals zero the service should be up and running, if the exit code is greater than zero the service is not in a healthy state. Generally this command is used within our Docker containers, it could also be used within Kubernetes. {{< highlight txt >}} ocis health --help diff --git a/docs/ocis/migration.md b/docs/ocis/migration.md index f11fca320..75fecff6c 100644 --- a/docs/ocis/migration.md +++ b/docs/ocis/migration.md 
@@ -45,7 +45,7 @@ _TODO allow limiting the web ui switch to an 'early adopters' group_ #### Validation -Ensure switching back an forth between the classic ownCloud 10 web UI and ownCloud web works as at our https://demo.owncloud.com. +Ensure switching back and forth between the classic ownCloud 10 web UI and ownCloud web works as at our https://demo.owncloud.com. #### Rollback Should there be problems with ownCloud web at this point it can simply be removed from the menu and be undeployed. @@ -82,7 +82,7 @@ When introducing OpenID Connect, the clients will detect the new authentication reauthorize at the OpenID Connect IdP, which again, may be configured to skip the consent step for trusted clients. #### Steps -1. There are multiple products that can be used as an OpenID Connect IdP. We test with [LibreGraph Connect](https://github.com/libregraph/lico), which is also [embedded in oCIS](https://github.com/owncloud/web/). Other alternatives include [Keycloak](https://www.keycloak.org/) or [Ping](https://www.pingidentity.com/). Please refer to the corresponding setup instructions for the product you intent to use. +1. There are multiple products that can be used as an OpenID Connect IdP. We test with [LibreGraph Connect](https://github.com/libregraph/lico), which is also [embedded in oCIS](https://github.com/owncloud/web/). Other alternatives include [Keycloak](https://www.keycloak.org/) or [Ping](https://www.pingidentity.com/). Please refer to the corresponding setup instructions for the product you intend to use.
@@ -308,7 +308,7 @@ _Feel free to add your question as a PR to this document using the link at the t
### Stage-6: parallel deployment -Running ownCloud 10 and oCIS in parallel is a crucial stage for the migration: it allows users access to group shares regardless of the system that is being used to to access the data. A user by user migration with multiple domains would technically break group shares when users vanish because they (and their data) are no longer available in the old system. +Running ownCloud 10 and oCIS in parallel is a crucial stage for the migration: it allows users access to group shares regardless of the system that is being used to access the data. A user by user migration with multiple domains would technically break group shares when users vanish because they (and their data) are no longer available in the old system. Depending on the amount of power users on an instance, the admin may want to allow users to voluntarily migrate to the oCIS backend. A monitoring system can be used to visualize the behavior for the two systems and gain trust in the overall stability and performance. @@ -324,7 +324,7 @@ _TODO @butonic update performance comparisons nightly_ #### Steps There are several options to move users to the oCIS backend: - Use a canary app to let users decide themselves -- Use an early adopters group with an opt in +- Use an early adopters group with an opt-in - Force migrate users in batch or one by one at the administrators will #### Verification 
@@ -469,8 +469,8 @@ Depending on chosen the share manager provider some sharing requests should be f _TODO for HA implement share manager with redis / nats / ... key value store backend: use the micro store interface please ..._ _TODO for batch migration implement share data migration cli with progress that reads all shares via the cs3 api from one provider and writes them into another provider_ -_TODO for seamless migration implement tiered/chained share provider that reads share data from the old provider and writes newc shares to the new one_ -_TODO for storage provider as source of truth persist ALL share data in the storage provider. Currently, part is stored in the share manager, part is in the storage provider. We can keep both, but the the share manager should directly persist its metadata to the storage system used by the storage provider so metadata is kept in sync_ +_TODO for seamless migration implement tiered/chained share provider that reads share data from the old provider and writes new shares to the new one_ +_TODO for storage provider as source of truth persist ALL share data in the storage provider. Currently, part is stored in the share manager, part is in the storage provider. We can keep both, but the share manager should directly persist its metadata to the storage system used by the storage provider so metadata is kept in sync_
@@ -588,7 +588,7 @@ The `filecache` table itself has more metadata: | `checksum` | varchar(255) | YES | | NULL | | *same as blob checksum* | SHOULD become the checksum in the storage provider. eos calculates it itself, `ocis` driver stores it in extended attributes | -> Note: for EOS a hot migration only works seamlessly if file ids in oc10 are already read from eos. otherwise either a mapping from the oc10 filecache file id to the new eos file id has to be created under the assumption that these id sets do not intersect or files and corresponding shares need to be exported and imported offline to generate a new set of ids. While this will preserve public links, user, group and even federated shares, old internal links may still point to different files because they contain the oc10 fileid +> Note: for EOS a hot migration only works seamlessly if file ids in oc10 are already read from eos. Otherwise, either a mapping from the oc10 filecache file id to the new eos file id has to be created under the assumption that these id sets do not intersect or files and corresponding shares need to be exported and imported offline to generate a new set of ids. While this will preserve public links, user, group and even federated shares, old internal links may still point to different files because they contain the oc10 fileid
@@ -682,7 +682,7 @@ _TODO clarify how OCM handles this and where we store / configure this. It seems Users are migrated in two steps: 1. They should all be authenticated using OpenID Connect, which already moves them to a common identity management system. -2. To search share recipients, both, ownCloud 10 and oCIS need access to the same user directory using eg. LDAP. +2. To search share recipients, both, ownCloud 10 and oCIS need access to the same user directory using e.g. LDAP.
From 1024fe3e88047ab8cc614ccdcb7681ac4aa04cda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Thu, 24 Mar 2022 10:57:13 +0100
Subject: [PATCH 10/11] use publicstorage rewrite (#3349)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörn Friedrich Dreyer
---
 changelog/unreleased/publicstorageprovider-rewrite.md | 5 +++++
 go.mod | 2 +-
 go.sum | 4 ++--
 storage/pkg/command/gateway.go | 8 ++++++--
 4 files changed, 14 insertions(+), 5 deletions(-)
 create mode 100644 changelog/unreleased/publicstorageprovider-rewrite.md
diff --git a/changelog/unreleased/publicstorageprovider-rewrite.md b/changelog/unreleased/publicstorageprovider-rewrite.md
new file mode 100644
index 000000000..800b0d0f8
--- /dev/null
+++ b/changelog/unreleased/publicstorageprovider-rewrite.md
@@ -0,0 +1,5 @@
+Bugfix: replace public mountpoint fileid with grant fileid
+
+We now show the same resoucre id for resources when accessing them via a public links as when using a logged in user. This allows the web ui to start a WOPI session with the correct resource id.
+
+https://github.com/owncloud/ocis/pull/3349
diff --git a/go.mod b/go.mod
index 40c460bc9..9415e5d13 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 github.com/blevesearch/bleve/v2 v2.3.1
 github.com/coreos/go-oidc/v3 v3.1.0
 github.com/cs3org/go-cs3apis v0.0.0-20220126114148-64c025ccdd19
- github.com/cs3org/reva/v2 v2.0.0-20220321093112-25cedab9f739
+ github.com/cs3org/reva/v2 v2.0.0-20220324071330-5bbdbf17c339
 github.com/disintegration/imaging v1.6.2
 github.com/glauth/glauth/v2 v2.0.0-20211021011345-ef3151c28733
 github.com/go-chi/chi/v5 v5.0.7
diff --git a/go.sum b/go.sum
index eac537abe..d099f0aaf 100644
--- a/go.sum
+++ b/go.sum
@@ -335,8 +335,8 @@ github.com/crewjam/saml v0.4.6/go.mod h1:ZBOXnNPFzB3CgOkRm7Nd6IVdkG+l/wF+0ZXLqD9 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4= github.com/cs3org/go-cs3apis v0.0.0-20220126114148-64c025ccdd19 h1:1jqPH58jCxvbaJ9WLIJ7W2/m622bWS6ChptzljSG6IQ= github.com/cs3org/go-cs3apis v0.0.0-20220126114148-64c025ccdd19/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY= -github.com/cs3org/reva/v2 v2.0.0-20220321093112-25cedab9f739 h1:GD8ZoMqRKclM0dP5hjSMXals9vRWHPH2hOeBruCuQlg= -github.com/cs3org/reva/v2 v2.0.0-20220321093112-25cedab9f739/go.mod h1:XNtK1HEClNzmz5vyQa2DUw4KH3oqBjQoEsV1LhAGlV0= +github.com/cs3org/reva/v2 v2.0.0-20220324071330-5bbdbf17c339 h1:87SSTW39Ub8h9NmPA4oBJfv4R82NmGh8h8enymWxzPM= +github.com/cs3org/reva/v2 v2.0.0-20220324071330-5bbdbf17c339/go.mod h1:XNtK1HEClNzmz5vyQa2DUw4KH3oqBjQoEsV1LhAGlV0= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
diff --git a/storage/pkg/command/gateway.go b/storage/pkg/command/gateway.go
index b1f50b0f5..0001637aa 100644
--- a/storage/pkg/command/gateway.go
+++ b/storage/pkg/command/gateway.go
@@ -253,8 +253,12 @@ func spacesProviders(cfg *config.Config, logger log.Logger) map[string]map[strin
 // public link storage returns the mount id of the actual storage
 cfg.Reva.StoragePublicLink.Endpoint: {
 "spaces": map[string]interface{}{
- "public": map[string]interface{}{
- "mount_point": "/public",
+ "grant": map[string]interface{}{
+ "mount_point": ".",
+ },
+ "mountpoint": map[string]interface{}{
+ "mount_point": "/public",
+ "path_template": "/public/{{.Space.Root.OpaqueId}}",
 },
 },
 },
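Review bot: The new `"grant"` space type in the public-link provider entry of storage/pkg/command/gateway.go is mounted at `"."` without any comment, and the existing line above it (`// public link storage returns the mount id of the actual storage`) does not explain how `"grant"` and `"mountpoint"` differ. Going by the changelog entry in this patch, public-link access now reports the id of the underlying resource, so it is worth documenting, and covering with a test, that a request addressed by that id through the public-link provider stays limited to what the link's grant allows. I would add comments such as `// "grant": the shared resource itself, addressed by id; "." gives it no path in the namespace` and `// "mountpoint": the link's entry under /public/<space root opaque id>`; both reflect my reading of the config and should be confirmed against the reva revision bumped in go.mod. spacesProviders begins and ends outside the hunk.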
From b0745e115ff496fd5e11b435ea0822904bd5b022 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= Date: Thu, 24 Mar 2022 09:58:08 +0000 Subject: [PATCH 11/11] Automated changelog update [skip ci] --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c729b766..674619ecb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ The following sections list the changes for unreleased. * Bugfix - Network configuration in individiual_services example: [#3238](https://github.com/owncloud/ocis/pull/3238) * Bugfix - Improve gif thumbnails: [#3305](https://github.com/owncloud/ocis/pull/3305) * Bugfix - Fix error handling in GraphAPI GetUsers call: [#3357](https://github.com/owncloud/ocis/pull/3357) +* Bugfix - Replace public mountpoint fileid with grant fileid: [#3349](https://github.com/owncloud/ocis/pull/3349) * Change - Settings service now stores its data via metadata service: [#3232](https://github.com/owncloud/ocis/pull/3232) * Enhancement - Audit logger will now log file events: [#3332](https://github.com/owncloud/ocis/pull/3332) * Enhancement - Add password reset link to login page: [#3329](https://github.com/owncloud/ocis/pull/3329) @@ -41,6 +42,14 @@ The following sections list the changes for unreleased. https://github.com/owncloud/ocis/pull/3357 +* Bugfix - Replace public mountpoint fileid with grant fileid: [#3349](https://github.com/owncloud/ocis/pull/3349) + + We now show the same resoucre id for resources when accessing them via a public links as when + using a logged in user. This allows the web ui to start a WOPI session with the correct resource + id. + + https://github.com/owncloud/ocis/pull/3349 + * Change - Settings service now stores its data via metadata service: [#3232](https://github.com/owncloud/ocis/pull/3232) Instead of writing files to disk it will use metadata service to do so